1447 matches found

CNNVD
added 2025/01/13 12:0 a.m. · 1 views

Virtuoso Open-Source Edition Security Vulnerability

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which...

7.5 CVSS · 7.5 AI score · 0.00399 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/01/01 12:0 a.m. · 1 views

PT-2025-30787

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability exists in the Linux kernel related to RDMA/mlx5, specifically concerning the initialization of obj event-obj sub list before its insertion using xa insert. This can lead ...

5.5 CVSS · 6.7 AI score · 0.00066 EPSS
Exploits 0

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-49786

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: An issue exists in the Linux kernel’s f2fs file system related to an infinite loop within the insert extent tree function. This occurs when incorrect extent information is received durin...

5.3 AI score · 0.00036 EPSS
Exploits 0

Positive Technologies
added 2024/12/16 12:0 a.m. · 3 views

PT-2024-40644 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Java versions affected versions not specified Description: The issue is related to a security exception in the Java java.util.zip package. Specifically, the crash occurs in the jflex.core.NFA.insertNFA and...

6.9 AI score
Exploits 0 · References 2

Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-16464 · WordPress · Xltab

Name of the Vulnerable Software and Affected Versions: XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress versions up to, and including, 1.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft...

4.3 CVSS · 7.1 AI score · 0.00175 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/12/05 12:0 a.m. · 3 views

PT-2024-16536 · WordPress · Anywhere Elementor

Name of the Vulnerable Software and Affected Versions: AnyWhere Elementor plugin for WordPress versions up to, and including, 1.2.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that...

4.3 CVSS · 7 AI score · 0.0021 EPSS
Exploits 0 · References 7

RedHat Linux
added 2024/12/04 12:19 a.m. · 1 views

kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()

In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning 0 in udpv4earlydemux. In udpv46earlydemux and sklookup, we do not touch the refcount of the looked-up sk and use sockpfree as skb-destructor, so we...

5.5 CVSS · 6.7 AI score · 0.00017 EPSS
Exploits 0 · References 5

Mageia
added 2024/11/22 7:25 a.m. · 23 views

Updated kanboard packages fix security vulnerability

In versions prior to 1.2.31 an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations the code improperly uses the PicoDB library to update/insert new information...

8.8 CVSS · 7.5 AI score · 0.00088 EPSS
Exploits 1 · References 2

OSV
added 2024/11/22 5:40 a.m. · 4 views

MAL-2024-10888 Malicious code in webpack-insert-sentry-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e09bc9d55945389c2e5f8e61bc733735e8f50b50b8ebd61b6801f9d31278d74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/11/22 5:40 a.m. · 3 views

Malicious code in webpack-insert-sentry-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e09bc9d55945389c2e5f8e61bc733735e8f50b50b8ebd61b6801f9d31278d74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits 0 · References 1

SUSE CVE
added 2024/11/20 3:49 a.m. · 1 views

SUSE CVE-2024-53044

In the Linux kernel, the following vulnerability has been resolved: net/sched: schapi: fix xainsert error path in tcfblockgetext This command: $ tc qdisc replace dev eth0 ingressblock 1 egressblock 1 clsact Error: block dev insert failed: -EBUSY. fails because user space requests the same block...

5.5 CVSS · 7.7 AI score · 0.00011 EPSS
Exploits 0 · References 4

OSV
added 2024/11/19 6:15 p.m. · 1 views

DEBIAN-CVE-2024-53044

In the Linux kernel, the following vulnerability has been resolved: net/sched: schapi: fix xainsert error path in tcfblockgetext This command: $ tc qdisc replace dev eth0 ingressblock 1 egressblock 1 clsact Error: block dev insert failed: -EBUSY. fails because user space requests the same block...

5.5 CVSS · 5.8 AI score · 0.00011 EPSS
Exploits 0 · References 1

NVD
added 2024/11/15 6:15 p.m. · 17 views

CVE-2024-52511

Nextcloud Tables allows users to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0...

6.5 CVSS · 0.00197 EPSS
Exploits 0 · References 4

OSV
added 2024/11/12 4:56 p.m. · 3 views

CLSA-2024-1731430561 kernel: Fix of 31 CVEs

driver core: bus: Fix double free in driver API busregister CVE-2024-50055 - net: tun: Fix use-after-free in tundetach CVE-2022-49014 - memcg: fix possible use-after-free in memcgwriteeventcontrol CVE-2022-48988 - ppp: fix pppasyncencode illegal access CVE-2024-50035 - drivers: media:...

9.1 CVSS · 6.9 AI score · 0.13534 EPSS
Exploits 5 · References 1

Positive Technologies
added 2024/11/08 12:0 a.m. · 2 views

PT-2024-40628 · Git +1 · Krb5

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of Use-of-uninitialized-value. The crash state involves the k5 hashtab add and insert entry functions in the fuzz...

6.8 AI score
Exploits 0 · References 2

OSV
added 2024/10/25 11:9 a.m. · 1 views

OESA-2024-2302 cjson security update

cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - Requires: pkgconfig %description devel The cjson-devel package contains libraries and header files...

7.5 CVSS · 7.4 AI score · 0.00224 EPSS
Exploits 2 · References 3

OSV
added 2024/10/21 8:15 p.m. · 2 views

DEBIAN-CVE-2022-48974

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix using thiscpuadd in preemptible Currently in nfconntrackhashcheckinsert, when it fails in nfctextvalidpre/post, NFCTSTATINC will be called in the preemptible context, a call trace can be triggered: BUG:...

5.5 CVSS · 5.3 AI score · 0.00021 EPSS
Exploits 0 · References 1

OSV
added 2024/10/21 6:15 p.m. · 0 views

UBUNTU-CVE-2024-49883

In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4extinsertextent As Ojaswin mentioned in Link, in ext4extinsertextent, if the path is reallocated in ext4extcreatenewleaf, we'll use the stale path and cause UAF. Below is a sample trace with dumm...

7.8 CVSS · 6.2 AI score · 0.00012 EPSS
Exploits 0 · References 51

OSV
added 2024/10/21 12:15 p.m. · 8 views

AZL-50993 CVE-2024-47699 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in nilfsbtreeinsert Patch series "nilfs2: fix potential issues with empty b-tree nodes". This series addresses three potential issues with empty b-tree nodes that can occur with corrupted...

5.5 CVSS · 6.8 AI score · 0.00011 EPSS
Exploits 0 · References 1

Debian CVE
added 2024/10/21 11:53 a.m. · 7 views

CVE-2024-47699

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in nilfsbtreeinsert Patch series "nilfs2: fix potential issues with empty b-tree nodes". This series addresses three potential issues with empty b-tree nodes that can occur with corrupted...

5.5 CVSS · 6 AI score · 0.00011 EPSS
Exploits 0